SCOM: UNIX/Linux Process Monitoring in the Net-SNMP MP In Detail

Regardless of the operating system, monitoring of the availability and resource utilization of individual processes is a pretty standard requirement.  Between WMI and PerfMon counters, this is easy on Windows systems, but doing the same on UNIX/Linux systems can be a little bit more complicated.   In Operations Manager 2007 (R2) environments, there are three general approaches (excluding third party products) that can be utilized to monitor individual processes on UNIX and Linux systems:

1. An agent-based solution using the R2 Cross Platform agents
2. A purely SNMP solution using tables in the HOST-RESOURCES MIB
3. An extended SNMP solution using the proc or exec directives in the Net-SNMP agent’s snmpd.conf file

I think it’s fair to say that in most cases (and when it is supported), the R2 Cross Platform agent is the best and most robust approach.   However, it’s almost an inevitability in medium and large enterprises that there will be some UNIX or Linux servers or appliances running distributions not supported by the R2 agents.  In these cases, or if there is another compelling reason not to deploy agent software to the device, SNMP may be the best or only option.   The pure SNMP option is probably the most universally applicable approach, but introduces a number of challenges, which I will discuss in this post.  The third option brings a great degree of flexibility (particularly with the exec directive, which can return the result of an on-demand shell script to an SNMP OID) but requires decentralized configuration. 

The approach that I took in the Net-SNMP Management Pack is a hybrid of the pure SNMP and extended SNMP options.  The latest version of the MP (which I will be posting soon) supports process resource utilization through the HOST-RESOURCES MIB tables in addition to process availability monitoring facilitated by identifying the monitored processes with the proc directive in snmpd.conf.  And as described in the previous post about the MP, if ultimate flexibility is needed, the Extensible Object capability with the exec directive is still supported.  

UNIX/Linux SNMP Process Monitoring In-Depth

Read more of this post

SCOM: Net-SNMP Management Packs for UNIX/Linux Monitoring, Version 1.0.1

I have completed version 1.0.1 of the Net-SNMP management packs for OpsMgr 2007 R2 , and I thought I’d go ahead and share them.  At this point, my testing of the management packs has been on a small development network with Sun and CentOS servers, but so far everything is looking pretty good.   These management packs should provide a pretty good set of monitoring for UNIX and Linux servers that run the Net-SNMP agent, which includes Solaris, most Linux distributions, and even VMWare ESX and Checkpoint Secure Platform. 

As I had discussed in my last post, there are two management packs in this set.  The Net-SNMP Library management pack defines the classes and performs discoveries.   This can be imported by itself to facilitate completely custom monitoring or to be referenced in other management packs.   The Net-SNMP Monitoring management pack implements a pretty standard set of monitors for UNIX/Linux server performance and availability monitoring and supports the Exec, Proc, and File directives of the Net-SNMP agent configuration. 

The management packs can be downloaded here.  They are released under the GNU Public License and can be used, modified, and distributed freely, as long as the attribution remains intact. 

Some screenshots:

Read more of this post

SCOM: A Net-SNMP Management Pack for UNIX Monitoring, Part I – Desiging the MP

The Net-SNMP agent is a cross-platform SNMP agent that is often bundled with UNIX (e.g. Solaris) and Linux distributions (including VMWare and Checkpoint Splat).   The agent implements some relatively standard MIBs, such as the UC Davis (UCD-SNMP-MIB) and HOST-RESOURCES MIBs, exposing a good selection of operating system metrics for monitoring.  Furthermore, the agent is remarkably extensible in a few different ways.  The agent can be extended with “dlMod” module extensions to integrate additional SNMP components, such as the VMWare or HP Insight Management Agent modules.   Additionally, the Net-SNMP agent can be configured to proxy for another SNMP agent listening on a different port, which is how the Sun SunFire Management Agent is typically configured.   Lastly, the Net-SNMP agent provides the ability to define processes, files, extensible objects, load average objects, and disks for specific monitoring.  For each of these, directives are configured in snmpd.conf with parameters and thresholds, and an SNMP table is exposed that will return the monitored value and status value to an SNMP poll, on-demand.   I had previously  posted an article on using the ext (Extensible Object/Arbitrary Extension) capabilities of the Net-SNMP agent to utilize shell scripts for monitoring of Sun hardware.   With this degree of flexibility, it’s easy to understand why the Net-SNMP agent is so widely utilized.

Design Approach for the Net-SNMP Management Pack

Building on the lessons learned from developing the Cisco Management Pack, I wanted to create a management pack with similar capabilities for monitoring of Net-SNMP agents, followed by a set of management packs for monitoring of vendor-specific hardware (e.g. HP Proliant servers running Linux).   After some thought, I decided that it would be advantageous to split the Net-SNMP management pack into two separate management packs, one that defines the base classes and performs discovery of the classes and one for the actual monitoring.   The reason for this is that I wanted a base management pack without any actual monitoring functions so that it could easily (and more flexibly) be reused for future hardware monitoring management packs.   To illustrate this point, if the native UNIX agent capabilities of R2 are being used to monitor OS-level objects, there is still a need to discover the Net-SNMP agent and create base classes for use in SNMP-based hardware monitoring, but in this case, monitoring OS-level objects with SNMP and the OpsMgr agent would be redundant.  With the multiple MP approach, just the base Net-SNMP management pack could be imported along with the hardware monitoring management packs, skipping the Net-SNMP monitoring management pack altogether.  Additionally, I wanted to leave the monitoring management pack unsealed for easy customization, and MP references can only be made to sealed management packs.  In this way, the Net-SNMP Library MP will be sealed, but the monitoring MP can remain unsealed.

The Net-SNMP Library Management Pack

Read more of this post

SCOM: Advanced SNMP Monitoring Part IV: Making the Cisco MP SP1 Compatible

As previously mentioned, the Cisco Management Pack that I have been describing in the past several posts is specific to OpsMgr R2, due to its reliance on the capability of the System.SnmpProbe’s function to return multiple items in an SNMP walk, which is a feature introduced in R2.   My intention was to design the management pack so that it could easily be made SP1 compatible by substituting the discovery methodology, but keeping the classes and monitoring objects intact.   I am still doing more testing to finalize the SP1 version, but in this post, I am going to introduce the discovery methods that I have implemented for SP1 compatibility.

In general, when dealing with SNMP objects stored in tables, options in SCOM 2007 SP1 are a bit limited.  If the table objects are static, rules could be configured targeting specific OID’s, but this is unlikely to be a common scenario.   Another option (and a quite good one) would be to segregate monitoring duties between SCOM (for servers and applications) and a task-specific SNMP monitoring tool like SolarWinds or JalaSoft for SNMP device monitoring.   But for the purposes of this management pack, the option I pursued involves wrapping an external SNMP provider in WSH scripts to perform the discovery.   I chose to use the WMI provider because of its easy use in VBscripts and object-oriented capabilities, but something like the Net-SNMP binaries could be called with ShellExec methods in a vbs script to accomplish the same goal.  

Before I get into the use of the WMI SNMP provider in this MP, there is some background information that should be discussed.  Firstly, when the WMI SNMP provider is installed, it includes support only for the RFC-1213 MIB.   In order to use the WMI SNMP provider for OID’s not in the RFC-1213 MIB, the MIB files must be converted to MOF files with smi2smir.exe and then imported with mofcomp.exe.    This can get a bit tricky, largely depending on how well constructed the vendor’s MIB is and the dependencies of the MIB.   Once these steps are completed, the WMI SNMP provider exposes SNMP objects as collections that can be accessed natively in VBscripts.   However, the WMI provider is not terribly scalable and when overloaded with requests, WMI will cease to function in a timely fashion.   I had done some testing with using the WMI SNMP provider for rules and monitors, but decided against this approach due to the ease with which the provider can be overloaded when monitoring a handful of objects with reasonably aggressive frequencies.   On the other hand, discoveries are not as time-sensitive as monitors/rules and don’t need to run as frequently, so by using the WMI SNMP provider for discoveries, and the System.SnmpProbe provider for monitors and rules, this hybrid approach should remain pretty scalable. 

Implementation Overview

Read more of this post

SCOM: Updates to the Cisco Management Pack

I have uploaded version 1.01.27 of the Cisco Management Pack.   This minor update includes a few fixes and some new features added in response to some helpful comments from readers who have tried this MP out.  The changes in this version are:

1. Group Population rules have been fixed so that they can be edited in the GUI
2. Performance data collection has been modified to not collect data when the interface is in a partially discovered state.  This should prevent duplication of performance counters for interfaces going forward.   Because the Interface discovery occurs in two parts: 1) discovering the interfaces and 2) discovering the interface properties, I added a property to the Interface class named: Discovered.  When the Interface discovery runs (which just discovers the index), the discovered property will be set to False.  Once the Interface Property discovery runs, this property will be set to True.   The performance collection rules have been modified to only collect data if this property is set to true. 
3. Index discovery can now be filtered with a RegEx expression for a device via an override (create the override on the Discover Cisco Interfaces discovery).   By default, the RegEx expression:  (.|..|…) will be used to discover interfaces, which will discover all interfaces with indexes with 1, 2, or 3 digits in length.  To filter by interface index, the expression can be modified to:  (1|2|3|10|15) where the numbers are the index values for the interfaces to be discovered, separated by pipe characters.   The override for this filter can be targeted at all Cisco devices, a group, or specific devices.
4. I have added a new property to the Interface class named:  “Speed – Override.”  This property allows for manually defining a speed value for the interface to be used in utilization calculations.  There are two scenarios where this is useful: 1) sometimes the value reported in the RFC-1213 ifTable for an interface’s speed isn’t accurate, and 2) if an Ethernet port is the last monitored hop before a lower bandwidth wide-area connection (i.e. the vendor equipment is not monitored), it can be useful to monitor the Ethernet port as if its speed were equivalent to the wide-area connection bandwidth.   For example, if a switch is the last monitored device before connecting to a vendor-managed MetroE connection with a maximum bandwidth of 500Mbit, monitoring utilization on the gigabit switch port will be more accurate if the speed were overridden to 500Mbit.  This property can be set with an override on the Discover Cisco Interface Properties object discovery, by setting the OverrideIFSpeed value to the desired speed, in bits per second.

SCOM: Advanced SNMP Monitoring Part III: The Completed Cisco Management Pack

Note:  This management pack has been replaced by the more feature-rich xSNMP suite.

I still have some more full-scale testing to complete, but I have finished the first version of the Cisco monitoring management pack that I have described in the last few posts.   This version is R2 only, but I hope to have an SP1 version of it complete soon. 

Read more of this post

SCOM: Advanced SNMP Monitoring Part I: Discovering Cisco Devices and Hosted Classes

When limited to editing within the Authoring pane of the Operations Console in OpsMgr, SNMP monitoring options are relatively limited – only SNMP GET requests are supported and data cannot be manipulated before calculating health state.   However, with some pretty heavy authoring, very complex SNMP monitoring becomes completely viable, particularly in R2.   In the next several posts, I will be describing some methods to perform advanced SNMP discovery and monitoring in OpsMgr 2007, such as discovering hosting relationships for entities like network interfaces, as well as passing Snmp data to script probes in order to perform state change monitoring and mathematical operations.  When all is said and done, I will post my management packs for SNMP monitoring of Cisco, Checkpoint, and Net-SNMP devices.   In this post, I will describe the methods I used for custom discovery of Cisco SNMP devices and their hosted entities (interfaces, power supplies, etc).

Cisco SNMP Management Pack: Designing the Classes and Groups

In order to facilitate monitoring of the device (e.g. CPU, Memory, up/down status), individual interfaces (e.g. status, utilization, resets), and Cisco EnvMon objects (e.g. Power Supplies, Temperature, etc), each of these entities are best represented as a unique class with hosting relationships.   For the objects stored in tables, there are two feasible options for discovery.  In SCOM 2007 R2, the ‘walkreturnmultipleitems’ attribute of the System.SnmpProbe probe action can be set in order to walk an SNMP table and return each snmpdata item individually.   In SCOM 2007 SP1, this option is not available, requiring the use of a script discovery with an external snmp probe (such as WMI) in order to retrieve the discovery items.  In this post, I will describe the R2 method, and I will address the script option using the WMI SNMP provider in a later post.  In either case, the class design will be similar.

For monitoring of Cisco SNMP devices, I created five classes:

• CiscoSNMP.Class.CiscoDevice
• CiscoSNMP.Class.CiscoDevice.Interface
• CiscoSNMP.Class.CiscoDevice.PowerSupply
• CiscoSNMP.Class.CiscoDevice.Fan
• CiscoSNMP.Class.CiscoDevice.TemperatureSensor

For the four hardware entities, I created a hosting relationship so that they are hosted by the CiscoDevice class.   The classes, properties, and relationships are represented on this diagram.

Read more of this post